---
image: {{ .ModuleName }}/{{ .ImageName }}
fromImage: common/distroless
import:
- artifact: {{ $.ModuleName }}/{{ $.ImageName }}-artifact
  add: /kube-rbac-proxy
  to: /kube-rbac-proxy
  before: setup
docker:
  ENTRYPOINT: ["/kube-rbac-proxy", "--tls-cipher-suites", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]
  EXPOSE: "8080"
---
artifact: {{ .ModuleName }}/{{ .ImageName }}-artifact
from: {{ $.Images.BASE_GOLANG_20_ALPINE_DEV }}
git:
- add: /{{ $.ModulePath }}modules/000-{{ $.ModuleName }}/images/{{ $.ImageName }}/patches
  to: /patches
  stageDependencies:
    install:
    - '**/*'
mount:
- fromPath: ~/go-pkg-cache
  to: /go/pkg
shell:
  beforeInstall:
  - git clone --depth 1 --branch v0.11.0 {{ .SOURCE_REPO }}/brancz/kube-rbac-proxy.git /src
  install:
  - cd /src
  - test -d /patches && for patchfile in /patches/*.patch ; do patch -p1 < ${patchfile}; done
  - export GOPROXY={{ .GOPROXY }} GOOS=linux GOARCH=amd64 CGO_ENABLED=0
  - go mod edit -go 1.20
  - go get golang.org/x/net@v0.17.0
  - go get github.com/prometheus/client_golang@v1.17.0
  - go get github.com/gogo/protobuf@v1.3.2
  - go mod tidy
  - make build
  - cp /src/_output/kube-rbac-proxy-linux-$(go env GOARCH) /kube-rbac-proxy
  - chown 64535:64535 /kube-rbac-proxy
  - chmod 0755 /kube-rbac-proxy
